package com.candy.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    //配置添加自定义认证数据源，替换过滤器
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http.formLogin()
                .loginPage("/toLogin") //登录页面
                .loginProcessingUrl("/login") // 登录提交的请求 ，必须和登录表单那边的action一致才行
                .successForwardUrl("/toMain") //登录成功后跳转页面 //跳转页面是在Controller中实现的
                .failureForwardUrl("/toError"); //登录失败的页面 //也是post请求

        //认证授权
        http.authorizeRequests()
                //开放登录请求
                .antMatchers("/toLogin").permitAll()
                .antMatchers("/toError").permitAll()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated();

        //关闭csrf 这个是跨站伪造攻击，关了就行
        http.csrf().disable();
        return http.build();
    }

}